Quentin Gliech
23b626f2e6
Support for MSC4190: device management for application services ( #17705 )
...
This is an implementation of MSC4190, which allows appservices to manage
their user's devices without /login & /logout.
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2024-12-04 12:04:49 +01:00
Michael Telatynski
02ebcf7725
Use custom stage UIA error for MAS cross-signing reset ( #17509 )
...
Rather than 501 M_UNRECOGNISED
Client side implementation at
https://github.com/matrix-org/matrix-react-sdk/pull/12892/
2024-08-30 14:52:57 +02:00
Richard van der Hoff
3aae60f17b
Enable cross-signing key upload without UIA ( #17284 )
...
Per MSC3967, which is now stable, we should not require UIA when
uploading cross-signing keys for the first time.
Fixes : #17227
2024-06-14 11:14:56 +01:00
Erik Johnston
23740eaa3d
Correctly mention previous copyright ( #16820 )
...
During the migration the automated script to update the copyright
headers accidentally got rid of some of the existing copyright lines.
Reinstate them.
2024-01-23 11:26:48 +00:00
Erik Johnston
eaad9bb156
Merge remote-tracking branch 'gitlab/clokep/license-license' into new_develop
2023-12-13 15:11:56 +00:00
David Robertson
32a59a6495
Keep track of `user_ips` and `monthly_active_users` when delegating auth ( #16672 )
...
* Describe `insert_client_ip`
* Pull out client_ips and MAU tracking to BaseAuth
* Define HAS_AUTHLIB once in tests
sick of copypasting
* Track ips and token usage when delegating auth
* Test that we track MAU and user_ips
* Don't track `__oidc_admin`
2023-11-23 12:35:37 +00:00
Patrick Cloke
8e1e62c9e0
Update license headers
2023-11-21 15:29:58 -05:00
Patrick Cloke
55c20da4a3
Merge remote-tracking branch 'origin/release-v1.91' into release-v1.92
2023-09-06 11:25:28 -04:00
Quentin Gliech
1940d990a3
Revert MSC3861 introspection cache, admin impersonation and account lock ( #16258 )
2023-09-06 15:19:51 +01:00
Patrick Cloke
a8a46b1336
Replace simple_async_mock with AsyncMock ( #16180 )
...
Python 3.8 has a native AsyncMock, use it instead of a custom
implementation.
2023-08-25 09:27:21 -04:00
Shay
69048f7b48
Add an admin endpoint to allow authorizing server to signal token revocations ( #16125 )
2023-08-22 14:15:34 +00:00
Mathieu Velten
2d15e39684
MSC3861: allow impersonation by an admin using a query param ( #16132 )
2023-08-18 15:46:46 +02:00
Shay
54a51ff6c1
Cache token introspection response from OIDC provider ( #16117 )
2023-08-17 10:53:10 -07:00
Quentin Gliech
ceb3dd77db
Enforce that an admin token also has the basic Matrix API scope
2023-05-30 09:43:06 -04:00
Quentin Gliech
f739bde962
Reject tokens with multiple device scopes
2023-05-30 09:43:06 -04:00
Quentin Gliech
14a5be9c4d
Handle errors when introspecting tokens
...
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
2023-05-30 09:43:06 -04:00
Quentin Gliech
e343125b38
Disable incompatible Admin API endpoints
2023-05-30 09:43:06 -04:00
Quentin Gliech
4d0231b364
Make AS tokens work & allow ASes to /register
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith
249f4a338d
Refactor config to be an experimental feature
...
Also enforce you can't combine it with incompatible config options
2023-05-30 09:43:06 -04:00
Quentin Gliech
31691d6151
Disable account related endpoints when using OAuth delegation
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith
5fe96082d0
Actually enforce guest + return www-authenticate header
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith
28a9663bdf
Initial tests for OAuth delegation
2023-05-30 09:43:06 -04:00